Hi,

On Fri, Sep 16, 2016 at 6:46 AM, Sebastian Andrzej Siewior <
sebast...@breakpoint.cc> wrote:

> Package: spdylay
> Version: 1.3.2-2
> Severity: important
> Tags: patch
> Control: block 827061 by -1
> Control: user pkg-openssl-devel-requ...@lists.alioth.debian.org
> Control: usertag -1 openssl-1.1-trans-keypkg
> Control: usertag -1 openssl-1.1-trans
>
> This package fails currently to compile against openssl 1.1.0 (currently
> available in experimental). The issues look not openssl specific. The
> full build of the build failure is available
>   https://breakpoint.cc/openssl-1.1-rebuild-2016-08-26/failed/
> spdylay_1.3.2-2_amd64-2016-08-26T19%3A47%3A25Z
>
> With the patch attached is manages to build. The testsuite fails then :)
> The SSL error message was obtained via ERR_print_errors_fp(stderr):
>
> | =========================================
> |    spdylay 1.3.2: tests/test-suite.log
> | =========================================
> |
> | # TOTAL: 3
> | # PASS:  2
> | # SKIP:  0
> | # XFAIL: 0
> | # FAIL:  1
> | # XPASS: 0
> | # ERROR: 0
> |
> | .. contents:: :depth: 2
> |
> | FAIL: end_to_end.py
> | ===================
> |
> | SSL_CTX_use_certificate_file failed.
> | 140680762493824:error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee
> key too small:ssl/ssl_rsa.c:305:
> | Could not connect to the host: localhost:9893
> | error:1408F10B:SSL routines:ssl3_get_record:wrong version number
> | Could not connect to the host: localhost:79
> | FCould not connect to the host: localhost:2
> | .Could not connect to the host: localhost:9893
> | Could not connect to the host: localhost:9893
> | FCould not connect to the host: localhost:9893
> | FCould not connect to the host: localhost:9893
> | FSSL_CTX_use_certificate_file failed.
> | 140100289985408:error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee
> key too small:ssl/ssl_rsa.c:305:
> | Could not connect to the host: localhost:9893
>
> So it looks like the key in the test is too small.
>
> Sebastian
>

‚ÄčThank you for the patch.  It has been applied and merged into master
branch.
I've made another couple of commits‚Äč to fix OpenSSL 1.1.0 deprecation
warnings.

spdylay end-to-end test (which failed above) require libevent which is also
built with OpenSSL 1.1.0.  But it seems the latest stable libevent does not
compile OpenSSL 1.1.0.  I guess that the above error "wrong version number"
could mean that libevent has been built with older OpenSSL version.

For key size issues, I renewed key pair, and now use 2048 bits public key
rather than 512 bits.

Best regards,
Tatsuhiro Tsujikawa

Reply via email to